On March 15, 2021, California’s Attorney General announced the adoption of updates to the regulations implementing the California Consumer Protection Act (“CCPA”). The final (for now) regulations are available here. These latest updates are effective immediately.
The version that took effect yesterday is substantially identical to the draft updates that the Attorney General proposed on December 10, 2020. (We discussed the December 2020 proposal in detail here.) Notably, California at last now has an officially sanctioned form of an opt-out button . It looks like this:
By clicking the button, consumers can implement their CCPA right to tag their data “do not sell.” As of January 1, 2023, that right expands to include “do not share.”
The updated regulations also require businesses that collect personal information from customers offline to provide an easy, offline method for customers to opt out. The regulations now require businesses which knowingly sell the personal information of consumers under 16 to include, in their consumer-facing policies, a description of the process for opting into the sale of this information.
The newly updated regulations make only one change of substance as compared to the December 2020 proposal: The Attorney General has removed a proposed clause that would have required the opt-out icon to be to the left of any text saying “Do not sell my personal information.”
To subscribe to the Data Blog, please click here.
